> I think it would be good to let a crash dump handler open a device file
> to get control. Before dumping core, the kernel checks for a crash dump
> handler running with the same UID. If one is found, the dying process
> sleeps and the crash dump handler is asked to respond.

That would remove process invocation from the kernel path.

You could do a lot of *this* in user space by having a library function
set the default value for all signals, or just SIGSEGV, to a function
that uses some kind of IPC, such as writing to a fifo whose name includes
the uid. I wonder if it's possible to use preloading to inject that
snippet of code into an existing executable without relinking it and
without touching libc.
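A sketch of the preload approach the reply wonders about, added here as an example and not part of the original message: a shared object whose constructor installs a SIGSEGV handler that writes the dying PID to a per-uid fifo, then lets the default core dump proceed. The fifo path under `/run/user/<uid>` and all function names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
/* crashnotify.c: cc -shared -fPIC -o crashnotify.so crashnotify.c, run with LD_PRELOAD */
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
static char fifo_path[64];   /* built at load time; snprintf is not signal-safe */

/* Hypothetical naming scheme: per-user runtime dir, uid also in the file name. */
int build_fifo_path(char *buf, size_t len, unsigned uid)
{
    int n = snprintf(buf, len, "/run/user/%u/crashd-%u.fifo", uid, uid);
    return (n > 0 && (size_t)n < len) ? n : -1;
}

/* Async-signal-safe decimal formatting; returns bytes written including '\n'. */
size_t format_pid(char *out, long pid)
{
    char tmp[24];
    size_t i = 0, n = 0;
    do { tmp[i++] = (char)('0' + pid % 10); pid /= 10; } while (pid > 0);
    while (i > 0) out[n++] = tmp[--i];
    out[n++] = '\n';
    return n;
}

static void on_segv(int sig)
{
    char msg[32];
    size_t n = format_pid(msg, (long)getpid());
    /* O_NONBLOCK: open fails (ENXIO) instead of hanging when no handler is reading. */
    int fd = open(fifo_path, O_WRONLY | O_NONBLOCK);
    if (fd >= 0) { ssize_t r = write(fd, msg, n); (void)r; close(fd); }
    /* SA_RESETHAND already restored SIG_DFL; re-raise so the core dump still happens. */
    raise(sig);
}

int install_crash_notifier(void)
{
    struct sigaction sa;
    if (build_fifo_path(fifo_path, sizeof fifo_path, (unsigned)getuid()) < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sa.sa_flags = SA_RESETHAND;
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Runs before main() when the object is preloaded; no relinking, libc untouched. */
__attribute__((constructor)) static void crashnotify_init(void) { (void)install_crash_notifier(); }
```

A program that installs its own SIGSEGV handler after startup replaces this one, and the dynamic loader ignores `LD_PRELOAD` for set-uid binaries, so this covers only ordinary dynamically linked executables.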